<?php

/*
	info: 后台管理首页及处理
	date: 2011-11-23
*/

// Marker constant set before the shared bootstrap is loaded. Presumably included files test it
// to confirm they were entered through this admin front controller. TODO confirm.
define('ADMIN_WEBINROOT', TRUE);
// Shared bootstrap. WEBFILEPATH, WEBURLPATH and WEBADMIN (used below) are not defined in this
// file, so they presumably come from here.
require dirname(__FILE__).'/../include/common.inc.php';
// Filesystem root and URL root of the admin area.
define('ADMIN_WEBFILEPATH', WEBFILEPATH.'/'.WEBADMIN);
define('ADMIN_WEBURLPATH', WEBURLPATH.'/'.WEBADMIN);
// Key handed to global_DecryptKey() when the admin login cookie is decoded further down.
// NOTE(review): the key is a literal in the source, so every installation of this code shares it
// and it is exposed to anyone with read access to the file or its repository. Load it from
// per-installation configuration kept out of version control, and rotate the current value
// (rotation invalidates existing admin cookies).
define('ADMIN_WEBAUTHKEY', 'df5gfFDbkG45gfd4ix');
// Name of the cookie that carries the admin login state.
$webglobal['admincookie'] = 'amustr';
// The next two settings are not read in this file; they are consumed by code included later.
$webglobal['adminremurl'] = TRUE;
$webglobal['indexshowinfosign'] = array('financialstrategy', 'comparison');
// Admin helper functions (admin_ShowMessage() used below is not defined in this file).
require_once ADMIN_WEBFILEPATH.'/admin.func.php';

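// Normalise the request parameters this controller routes on.
// $webrequest is filled outside this file (presumably by common.inc.php; whether it is already
// escaped there is not visible here, TODO confirm).
// A parameter sent as an array (e.g. mode[]=x) is not scalar: trim() would raise a warning on
// older PHP and a TypeError on PHP 8. Such values are treated as if the parameter were absent.
// NOTE(review): trimming is not validation. mode is interpolated into an SQL string by the
// permission check further down in this file.
$webglobal['mode'] = (isset($webrequest['mode']) && is_scalar($webrequest['mode'])) ? trim((string) $webrequest['mode']) : 'index';
// Page numbers are forced to an integer >= 1.
$webrequest['page'] = isset($webrequest['page']) ? max(1, intval($webrequest['page'])) : 1;
// gourl is only trimmed here and is not used in this file.
// NOTE(review): if a module uses it as a redirect target, it should be limited to same-site
// URLs at that point. Verify in the consuming module.
$webrequest['gourl'] = (isset($webrequest['gourl']) && is_scalar($webrequest['gourl'])) ? trim((string) $webrequest['gourl']) : '';

// Open the database connection used by the checks below ($db is not created in this file).
global_ConnectDB();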

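// Authenticate the administrator from the encrypted login cookie.
$user['adminuid'] = 0;
$user['adminusername'] = $user['adminpassword'] = $user['adminusergroup'] = $user['adminpurview'] = '';
// usergroupid is the key the success path below fills in. It gets a default as well, so code that
// runs for an anonymous request does not read an undefined index.
$user['issystem'] = $user['usergroup'] = $user['usergroupid'] = 0;
if (isset($webcookie[$webglobal['admincookie']]))
{
	// Decrypted payload: uid, username and password value, separated by tabs. A cookie that does
	// not decrypt to three fields is padded so list() never reads a missing offset. The empty
	// fields then fail the check below and the cookie is cleared.
	// NOTE(review): the third field is compared with admin_user.password, so the cookie stays
	// valid for as long as that stored value is unchanged. No expiry or server-side session is
	// visible in this file.
	$tempfields = array_pad(explode("\t", (string) global_DecryptKey($webcookie[$webglobal['admincookie']], ADMIN_WEBAUTHKEY)), 3, '');
	list($user['adminuid'], $user['adminusername'], $user['adminpassword']) = $tempfields;
	unset($tempfields);
	$user['adminuid'] = intval($user['adminuid']);
	$tempok = FALSE;
	if ($user['adminuid']>0 && trim($user['adminusername'])!='' && trim($user['adminpassword'])!='')
	{
		// adminuid went through intval() above, so interpolating it here is safe.
		$query = $db->Query("SELECT U.*, G.name, G.purview FROM {$webconfig['dbpre']}admin_user U LEFT JOIN {$webconfig['dbpre']}user_group G ON U.user_group_id = G.id WHERE U.id='{$user['adminuid']}'");
		if ($tempinfo = $db->FetchArray($query))
		{
			// Credentials are compared as exact strings. A loose == compares numeric-looking
			// strings by value, so two different strings could be accepted as equal.
			// hash_equals() also keeps the comparison time independent of where the values
			// differ. It needs PHP 5.6, hence the fallback to ===.
			$tempdbpass = (string) $tempinfo['password'];
			$tempckpass = (string) $user['adminpassword'];
			$tempsamepass = function_exists('hash_equals') ? hash_equals($tempdbpass, $tempckpass) : ($tempdbpass === $tempckpass);
			if ((string) $tempinfo['username'] === (string) $user['adminusername'] && $tempsamepass)
			{
				$user['issystem'] = $tempinfo['issystem'];
				$user['usergroupid'] = $tempinfo['user_group_id'];
				// name and purview come from the LEFT JOIN and are empty when the user has no group.
				$user['adminusergroup'] = isset($tempinfo['name']) && $tempinfo['name'] ? $tempinfo['name'] : '';
				$user['adminpurview'] = isset($tempinfo['purview']) && $tempinfo['purview'] ? $tempinfo['purview'] : '';
				$tempok = TRUE;
			}
			unset($tempdbpass, $tempckpass, $tempsamepass);
		}
		unset($tempinfo);
	}
	if (!$tempok)
	{
		// Invalid or stale cookie: drop it and fall back to the anonymous state.
		global_ClearCookie($webglobal['admincookie']);
		$user['adminuid'] = 0;
		$user['adminusername'] = $user['adminpassword'] = '';
	}
	unset($tempok);
}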

// Gate for anonymous requests: without an authenticated admin (adminuid is 0) the only mode
// served is the login screen; every other mode is redirected there and the script stops.
if ($webglobal['mode'] != 'login' && $user['adminuid'] == 0)
{
	global_GoToUrl(ADMIN_WEBURLPATH . '/index.php?mode=login');
	exit;
}

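// Permission check. The modes listed here are open to every logged-in admin, and accounts flagged
// issystem skip the check entirely. Any other mode needs a matching row in the purview table
// whose id appears in the user's comma-separated purview list.
if (!in_array($webglobal['mode'], array('exit','login','index','indexhead','indexleft','indexmain','myinfo'), true) && !$user['issystem'])
{
	$temppass = FALSE;
	// mode comes from the request and is interpolated into the SQL below. Only identifier-shaped
	// values reach the query; anything else is denied without touching the database.
	if (is_string($webglobal['mode']) && preg_match('/\A[A-Za-z0-9_]+\z/', $webglobal['mode']))
	{
		// The user's granted ids do not change per row, so split them once.
		$tempgranted = explode(',', $user['adminpurview']);
		// Rows with extra conditions (non-empty linkmore) are examined first.
		$query = $db->Query("SELECT * FROM {$webconfig['dbpre']}purview WHERE mode='{$webglobal['mode']}' ORDER BY linkmore DESC");
		while ($temppv = $db->FetchArray($query))
		{
			if (!in_array($temppv['id'], $tempgranted))
			{
				continue;
			}
			if ($temppv['linkmore'] == '')
			{
				// An unconditional grant for this mode.
				$temppass = TRUE;
				break;
			}
			// linkmore is a list of name=value pairs joined by '&'. The grant applies only when
			// every pair is present in the request with exactly that value.
			$tempcurpass = TRUE;
			foreach (explode('&', $temppv['linkmore']) as $tempvalue)
			{
				$tempvalueary = explode('=', $tempvalue);
				$tempname = $tempvalueary[0];
				// A pair written without '=' expects an empty value instead of reading a missing offset.
				$tempwant = isset($tempvalueary[1]) ? $tempvalueary[1] : '';
				// Exact string comparison: a loose != would accept request values that merely
				// compare equal numerically, and array-valued parameters must never match.
				if (!isset($webrequest[$tempname]) || !is_scalar($webrequest[$tempname]) || (string) $webrequest[$tempname] !== $tempwant)
				{
					$tempcurpass = FALSE;
					break;
				}
			}
			if ($tempcurpass)
			{
				$temppass = TRUE;
				break;
			}
		}
	}
	if (!$temppass)
	{
		admin_ShowMessage('您无权执行该操作。');
		// Fail closed. admin_ShowMessage() is defined elsewhere and presumably ends the request
		// itself, but the denial must not depend on that: never fall through to the module include.
		exit();
	}
}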

// Module dispatch: map the requested mode to the include file that implements it.
// The file name always comes from this fixed table and never from the request, so the mode
// parameter cannot steer the include path. A mode that is not listed loads nothing.
$tempmodules = array(
	// login / logout
	'login.inc.php'     => array('exit', 'login'),
	// home page frameset
	'index.inc.php'     => array('index', 'indexhead', 'indexleft', 'indexmain'),
	// own account
	'my.inc.php'        => array('myinfo'),
	// admin accounts
	'adminuser.inc.php' => array('adminuseradd', 'adminuseredit', 'adminuserdel', 'adminuser', 'adminlog', 'adminupsql'),
	// news centre
	'news.inc.php'      => array('newsadd', 'newsedit', 'newsup', 'news', 'content', 'contentadd', 'contentedit', 'imageadd', 'imageedit'),
	// shop management
	'company.inc.php'   => array('companyedit', 'companydel', 'companyup', 'companyfp', 'company'),
	// submitted form data
	'forminfo.inc.php'  => array('joinus', 'referfriend'),
	// permission list
	'purview.inc.php'   => array('purview', 'purviewadd', 'purviewedit', 'purviewgroup', 'purviewgroupadd', 'purviewgroupedit'),
	// user groups
	'usergroup.inc.php' => array('usergroup', 'usergroupadd', 'usergroupedit', 'usergroupdel'),
	// users
	'user.inc.php'      => array('user', 'useredit', 'userup'),
	// categories
	'category.inc.php'  => array('category', 'categoryadd', 'categoryedit', 'categorydel'),
	// site settings
	'settings.inc.php'  => array('settings'),
	// coupons
	'coupon.inc.php'    => array('coupon', 'couponedit', 'couponup', 'words', 'wordsadd', 'wordsup'),
	// points redemption
	'integral.inc.php'  => array('integral', 'integraledit', 'integraladd', 'integralup', 'integralorder', 'integralorderedit', 'integralorderup'),
	// brands
	'brand.inc.php'     => array('brand', 'brandadd', 'brandedit', 'brandup'),
);
$webglobal['includefile'] = '';
foreach ($tempmodules as $tempfile => $tempmodes)
{
	if (in_array($webglobal['mode'], $tempmodes, true))
	{
		$webglobal['includefile'] = $tempfile;
		break;
	}
}
// Do not leak the dispatch scratch variables into the included module's scope.
unset($tempmodules, $tempfile, $tempmodes);

// Load the selected module, if any, then end the request.
if ($webglobal['includefile'] != '')
{
	include ADMIN_WEBFILEPATH . '/' . $webglobal['includefile'];
}
exit;

?>